On Wed, Nov 06, 2013 at 09:23:42PM +0100, Takashi Iwai wrote:
Secondly, more importantly, it's end-users who would suffer from the sudden death problem, not the developers. This is the production level, so you can't justify the sudden death. And, with panic() by BUG*(), developers would receive only news that machines are killed without dying messages.
With the sort of systems these things are sold into users don't have any direct access to anything that'd let them trigger problems - the devices are sold as full stack integrated systems and the system integrators don't generally differentiate between what error handling would do and direct failures that much. It is better to handle things gracefully but we need to be realistic about the benefits.